Connecting an LDAP catalog

To work in the system of LDAP users, you must configure access to LDAP catalogs. 

To create an LDAP catalog, do the following:

  1. Go to the System settings tab → LDAP.
  2. Click the Add a new LDAP catalog button.
    A window with LDAP catalog settings opens:

    Field

    Description

    Source name

    Specify the catalog name

    Admin nameEnter the name of the user who has read access from the base DN in LDAP format (RDN + DN)
    Admin password

    Enter the user password

    LDAP attribute distinguish nameEnter the attribute from which the user's DN is identified

    LDAP attribute user login

    Enter the attribute from which the user name is identified

    To search for users by the sAMAccountName attribute, you must enter it in lowercase letters—samaccountname.

     
    LDAP attribute user nameEnter the attribute user name that the user sees after synchronization
    LDAP server network name

    Enter the IP address or network name of the LDAP server. If the server uses the SSL/STLS protocol mode, you can use only the network name

    Port

    		Enter the port to connect to the LDAP catalog server
    Search base distinguish name

    Enter the DN of the branch (Distinguished Name) from which you want to start the data search

    • If users in LDAP are located in several directories with a hierarchical structure, you cannot synchronize all users at the same time.
    • To synchronize each user group in the DN branch, you must specify the path to the appropriate directory.
      For example, LDAP has a directory called Employees and subdirectories called Managers, Cashiers, and Salespersons:
      • DN of the branch to synchronize users of the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com.
      • DN of the branch to synchronize users of the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com.

      • DN of the branch to synchronize users of the Salespersons directory: ou=Salespersons,ou=Employees,dc=example,dc=com.

    Search filter

    Enter the filter string of entries in the catalog

    To download users by groups rather than by catalogs, you must use the MemberOf attribute in the filter. For example:

    (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))
     
    Checkbox

    Use SSL

    Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog

  3. You can also specify the settings to automatically synchronize the LDAP catalog. Without these settings, you must perform synchronization manually. To configure synchronization, do the following:
    1. Click the Sync schedule button.

    2. From the Time zone drop-down list, select the time zone for synchronization.

    3. In the Start time field, set the start time of synchronization.
    4. Select the periodicity of synchronization:
      1. Select Weekly and select the days on which you want synchronization to be performed.

      2. Select Interval in hours and select the time when you want synchronization to be performed again.

  4. Click the APPLY button.

As a result, the LDAP tab displays the catalog that you added.

Viewing users

To view the users of the catalog, click the LDAP catalog users button. As a result, the list of all users is displayed.

User synchronization

If you don’t specify the settings for automatic synchronization when you create the LDAP catalog, synchronization must be performed manually. To do this:

  1. Click the Manually sync users button.
  2. In the window that opens, click the Yes button.

As a result, the list of users is synchronized.

Deleting a LDAP catalog

To delete a LDAP catalog, do the following:

  1. Click the Delete button.
  2. In the window that opens, click the Yes button.

As a result, the selected LDAP catalog is deleted.